2595 matches found
CVE-2024-27114
SO Planning is vulnerable to an unauthenticated remote code execution via the PHP file upload feature when the public view setting is enabled. Affected versions are prior to 1.52.02; an attacker can upload a PHP file, which is briefly executable before removal, enabling code execution on the unde...
CVE-2024-27114 Remote Code Execution through File Upload in SOPlanning before 1.52.02
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the...
CVE-2024-44820
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/Ebak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo function, which exposes detailed information about the PHP...
AlienVault Authenticated SQL Injection Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module name: "AlienVault Authenticated SQL Injection Arbitrary File Read". Description: AlienVault 4.5.0 is susceptible to an authenticated SQL injection...
Music Gallery Site SQL Injection Vulnerability
Music Gallery Site is a music gallery site by the individual developer Carlo Montero. An SQL injection vulnerability exists in Music Gallery Site version 1.0, which stems from an unknown function in the file /php-music/classes/Master.php?f=deletemusic, where manipulation of the parameter id can le...
CVE-2024-43957
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion. This issue affects Animated Number Counters: from n/a through 1.9...
CVE-2024-45057 Reflected Cross-Site Scripting in i-Educar
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting XSS vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at...
CVE-2024-42767
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/addroomcontroller.php...
CVE-2024-42777
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file...
PT-2024-30150 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0. Description: An unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System. This allows attackers to execute arbitrary code via...
CVE-2024-42779
CVE-2024-42779 concerns Kashipara Music Management System v1.0. Affected component: the endpoint /music/ajax.php?action=save_music handles file uploads. Root cause: unrestricted file upload allows uploading a crafted PHP file, enabling arbitrary code execution on the server. Documented impact: re...
CVE-2024-42780
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=savegenre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file...
Hotel Booking System 1.0 Shell Upload
Title: Hotel Booking System 1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
CVE-2024-43129
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion. This issue affects BetterDocs: from n/a through 3.5.8...
CVE-2024-40482
CVE-2024-40482 affects Kashipara Live Membership System v1.0. An unrestricted file upload in "/Membership/edit_member.php" enables attackers to upload a crafted PHP file and achieve arbitrary code execution. The CVSS basis is 9.8 (CRITICAL): Network access, no authentication, low attack complexit...
CVE-2024-5807
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...
CVE-2024-38529
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The...
CVE-2024-38529 Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The...
Lost And Found Information System Security Vulnerability
Lost And Found Information System is a lost and found information system from Lost And Found. A security vulnerability exists in Lost And Found Information System version 1.0, originating from a cross-site scripting flaw that allows a remote attacker to elevate the privileges of the...
PT-2024-38059 · Sourcecodester · Sourcecodester Employee/Visitor Gate Pass Logging System
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0. Description: A critical issue has been found in the processing of the file /employee gatepass/classes/Master.php?f=delete department, where the manipulation of the id...